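# routerboard: yes
# model: RB2011UiAS
# serial-number: 6089051A9836
# firmware-type: ar9344
# factory-firmware: 3.24
# current-firmware: 7.7
# upgrade-firmware: 7.7
#
# channel: stable
# installed-version: 7.7
#
#
# software id = AIBI-2JAF
#
# model = RB2011UiAS
# serial number = 6089051A9836
#
# Purpose: RouterOS 7.7 configuration export for an RB2011UiAS acting as a
# PPPoE concentrator (five pppoe-server instances, RADIUS-backed, CGNAT pool)
# with OSPF v2/v3 towards the core over vlan201.
#
# Review summary. Two values differ from the exported device state:
#   1. /snmp community  write-access=yes    -> write-access=no
#   2. /ip ssh          allow-none-crypto=yes -> allow-none-crypto=no
# Everything else is reproduced as exported; further findings are flagged with
# NOTE(review) comments and left unchanged because the correct value depends on
# the operator's management topology.
# NOTE(review): the header carries the device serial number and software id;
# consider redacting them before sharing this export outside the team.
# NOTE(review): no "chain=input" filter rule and no /ipv6 firewall section
# appear in this export, so access to services on the router itself seems to
# depend only on the per-service address= lists below. Confirm against the
# live device and add an input policy if none exists.
/interface bridge
add name=PTK-NN-SBSJ-01
add name=PTK-RKT-SBSJ-02
add name=PTK-RKT-SBSJ-03
add name=PTK-RKT-SBSJ-04
add name=VLAN
add name=loopbridge
/interface ethernet
set [ find default-name=ether1 ] comment=VLAN
set [ find default-name=ether2 ] comment=PTK-NN-SBSJ-01 speed=10Mbps
set [ find default-name=ether3 ] comment="PTP REDUNDANCIA" disabled=yes
set [ find default-name=ether4 ] comment=PTK-ARG-SBSJ-10
set [ find default-name=ether5 ] comment=PTK-RKT-SBSJ-04
set [ find default-name=ether6 ] comment=CIVIA disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] comment=PTK-RKT-SBSJ-03
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=PTK-RKT-SBSJ-02 poe-out=forced-on
set [ find default-name=sfp1 ] comment=LINK
/interface vlan
add interface=sfp1 name=vlan201 vlan-id=201
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool-CGNAT ranges=100.65.4.2-100.65.4.191
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.10.0/24
/port
set 0 name=serial0
/ppp profile
set *0 only-one=yes
add change-tcp-mss=yes local-address=192.168.40.1 name=profile1 only-one=yes remote-address=pool-CGNAT use-ipv6=no use-mpls=no use-upnp=no
add change-tcp-mss=yes local-address=192.168.40.1 name=profile2-radio only-one=yes rate-limit=70m/70m remote-address=pool-CGNAT use-mpls=no use-upnp=no
set *FFFFFFFE only-one=yes
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.2
add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.2 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add area-id=0.0.0.1 default-cost=1 disabled=no instance=default-v2 name=area1-v2 type=stub
add disabled=no instance=default-v3 name=backbone-v3
# CHANGED: write-access was "yes". Combined with addresses=0.0.0.0/0 and SNMP
# being enabled further down, any IPv4 source able to reach the SNMP service
# could issue SET requests using a community string that SNMP v1/v2c sends in
# cleartext. Write access is now off.
# NOTE(review): addresses=0.0.0.0/0 is left as exported; narrow it to the
# monitoring hosts (placeholder: <NMS-address>/32) and rotate the community
# name, since it is disclosed by this export.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=no
# Group "gestao" may log in locally or via winbox only; group "backup" may use
# local, telnet, ssh and ftp. Both carry write, policy, password and sensitive.
# NOTE(review): if "backup" is only used to pull configuration backups, it
# probably does not need write/policy/reboot; trim to the minimum and confirm.
/user group
add name=gestao policy="local,reboot,read,write,policy,test,winbox,password,sniff,sensitive,!telnet,!ssh,!ftp,!web,!api,!romon,!rest-api"
add name=backup policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,password,sensitive,!winbox,!web,!sniff,!api,!romon,!rest-api"
#error exporting /interface/bridge/calea
/interface bridge port
add bridge=VLAN ingress-filtering=no interface=ether5
add bridge=VLAN ingress-filtering=no interface=ether8 unknown-multicast-flood=no
add bridge=VLAN ingress-filtering=no interface=ether1
add bridge=VLAN ingress-filtering=no interface=ether10
add bridge=VLAN ingress-filtering=no interface=ether2
add bridge=VLAN ingress-filtering=no interface=ether4
add bridge=VLAN disabled=yes ingress-filtering=no interface=ether3
# NOTE(review): "!dynamic" runs neighbor discovery on every non-dynamic
# interface, which appears to include the customer-facing ports and bridges.
# Consider limiting discovery to an interface list that holds only the
# management/uplink interfaces.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=8192
# NOTE(review): only SHA1 and MD5 are permitted as OpenVPN auth digests. The
# server's enabled state is not shown in this export; if it is in use, move to
# a SHA-2 digest, otherwise confirm the server is disabled.
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add default-profile=profile1 disabled=no interface=PTK-RKT-SBSJ-04 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=GC-RKT-04
add default-profile=profile1 disabled=no interface=VLAN max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=VLAN
add default-profile=profile1 disabled=no interface=PTK-RKT-SBSJ-03 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PROTEK-RKT-05
add default-profile=profile1 disabled=no interface=PTK-RKT-SBSJ-02 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=GC-RKT-11
add default-profile=profile1 disabled=no interface=PTK-NN-SBSJ-01 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=GC-NN-SAOJOAO-01
/ip address
add address=192.168.200.2 interface=loopbridge network=192.168.200.2
add address=192.168.254.22/30 interface=vlan201 network=192.168.254.20
add address=192.168.104.1/30 interface=VLAN network=192.168.104.0
add address=192.168.104.25/30 interface=VLAN network=192.168.104.24
add address=192.168.104.29/30 interface=VLAN network=192.168.104.28
add address=192.168.104.33/30 interface=VLAN network=192.168.104.32
add address=192.168.104.122/29 interface=VLAN network=192.168.104.120
/ip dns
set max-udp-packet-size=512 servers=45.236.84.18,45.236.84.19
/ip firewall address-list
add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local
#error exporting /ip/firewall/calea
# The four forward rules below confine blocked subscribers (pool 172.21.10.0/24
# or list aviso_bloqueio): TCP is dropped unless destined to 192.168.199.1, and
# UDP is dropped unless the destination port is 53. They filter forwarded
# traffic only; nothing here filters traffic addressed to the router itself.
/ip firewall filter
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.10.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.10.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio
# Port-80 traffic from blocked subscribers is redirected to 192.168.199.1:8082.
/ip firewall nat
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.10.0/24 to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082
/ip route
add disabled=no distance=200 dst-address=0.0.0.0/0 gateway=192.168.99.252 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# telnet, ftp and www are disabled. ssh, winbox, api and api-ssl are not marked
# disabled and are limited by their address= lists.
# NOTE(review): "api" is the non-TLS API; since api-ssl is configured for the
# same three public hosts, consider disabling plain api or keeping it for
# 192.168.199.1 only. The ssh list also admits all of 192.168.0.0/16; confirm
# that whole range is management space.
/ip service
set telnet disabled=yes port=2300
set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=52100
set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10080
set ssh address=45.236.84.0/22,45.236.86.37/32,192.168.0.0/16 port=10022
set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
set winbox address=45.236.84.0/22,45.236.86.37/32,45.187.80.250/32 port=25000
set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32
# CHANGED: allow-none-crypto was "yes", which lets an SSH session be accepted
# with the cipher negotiated as "none" (no encryption). Now "no".
/ip ssh
set allow-none-crypto=no
/ipv6 address
add address=2804:4de8:1000::7/128 advertise=no interface=loopbridge
add address=2804:4de8:1002:1::1 advertise=no interface=vlan201
/ppp aaa
set interim-update=20m use-radius=yes
/ppp secret
add name=paroquia profile=profile1 service=pppoe
add name=pavilhao.provisorio profile=profile2-radio service=pppoe
# NOTE(review): no secret= values appear here, presumably because the export
# was taken without sensitive data; verify that each server has a strong,
# unique shared secret on the device.
/radius
add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.2 timeout=3s
add address=45.236.84.27 service=ppp src-address=192.168.200.2 timeout=600ms
add address=192.168.199.1 service=ppp src-address=192.168.200.2
# NOTE(review): accept=yes makes the router accept RADIUS-initiated requests
# (CoA / Disconnect). With no input-chain rule in this export, restrict the
# source of that traffic to the RADIUS servers listed above.
/radius incoming
set accept=yes
/routing filter rule
add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.1; }"
# NOTE(review): auth-key is empty and no auth= type is set on any template, so
# OSPF adjacencies presumably run unauthenticated. Confirm, and enable
# authentication on vlan201 and ether3 in step with the neighbouring routers.
/routing ospf interface-template
add area=area1-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=loopbridge networks=192.168.200.2 priority=1
add area=backbone-v2 auth-id=1 auth-key="" disabled=no interfaces=vlan201 networks=192.168.254.20/30 priority=1 type=nbma
add area=backbone-v2 auth-id=1 auth-key="" cost=20 disabled=no interfaces=ether3 networks=192.168.254.36/30 priority=1 type=ptp
/routing ospf static-neighbor
add address=192.168.254.21%vlan201 area=backbone-v2 disabled=no
# SNMP is enabled here; see the /snmp community section for the access scope.
/snmp
set contact="Acacio Correa " enabled=yes location="[-26.42434465, -51.31973698]" trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=Subida_S_Joao
/system ntp client
set enabled=yes
/system ntp client servers
add address=45.236.84.23
add address=200.160.0.8
/system watchdog
set watchdog-timer=no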